View previous topic :: View next topic |
Author |
Message |
iromeister n00b
Joined: 04 Feb 2017 Posts: 31 Location: Berlin
|
Posted: Thu Nov 04, 2021 1:41 pm Post subject: Why no Gentoo Linux Security Advisories (GLSA) since July? |
|
|
Hi folks,
I just realized that the latest GLSA is from July 24th. What happened to them? It's not possible that there were no security issues since then, so why have they stopped? |
|
Back to top |
|
|
Marlo Veteran
Joined: 26 Jul 2003 Posts: 1591
|
Posted: Thu Nov 04, 2021 6:48 pm Post subject: |
|
|
Too few staff?
Now comes the obligatory counter question!
Do you want to work in the GLSA team? _________________ ------------------------------------------------------------------
http://radio.garden/ |
|
Back to top |
|
|
kukibl Apprentice
Joined: 10 Jun 2008 Posts: 237
|
Posted: Thu Nov 04, 2021 11:19 pm Post subject: |
|
|
Marlo wrote: | Do you want to work in the GLSA team? |
How can someone start/join GLSA team? What are requirements?
I see that Bugzilla is the first step (there are numerous security related issues opened in last 7 days). I guess next step is for developer to process these, define how to fix it and open GLSA report? |
|
Back to top |
|
|
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2963 Location: Edge of marsh USA
|
Posted: Fri Nov 05, 2021 3:01 am Post subject: |
|
|
It seemed years ago that reviewing GLSAs was excessive if one keeps their operating system up-to-date. I wonder if that's wrong. _________________ Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
|
Back to top |
|
|
kukibl Apprentice
Joined: 10 Jun 2008 Posts: 237
|
Posted: Fri Nov 05, 2021 7:42 am Post subject: |
|
|
Is that valid for stable as well (to keep system up-to-date and be safe, although there is no GLSA)? |
|
Back to top |
|
|
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2963 Location: Edge of marsh USA
|
Posted: Fri Nov 05, 2021 2:50 pm Post subject: |
|
|
kukibl wrote: | Is that valid for stable as well (to keep system up-to-date and be safe, although there is no GLSA)? |
The best I remember, GLSAs didn't direct users to move to unstable versions. _________________ Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
|
Back to top |
|
|
iromeister n00b
Joined: 04 Feb 2017 Posts: 31 Location: Berlin
|
Posted: Fri Nov 05, 2021 3:03 pm Post subject: |
|
|
Marlo wrote: | Do you want to work in the GLSA team? |
I neither have the capacity nor the skills to do that, was just wondering. |
|
Back to top |
|
|
sam_ Developer
Joined: 14 Aug 2020 Posts: 1678
|
Posted: Thu Jan 27, 2022 6:34 am Post subject: |
|
|
See this thread and earlier posts in that thread, but the gist is that our tooling broke. We're nearly there with the fixes and have now been able to publish the Polkit GLSA using the new stuff! More soon and regular publication.
As Ionen notes in that thread, getting stuff patched, fixed, and stabled has not been affected, i.e. issues have been fixed in the Gentoo repository ASAP.
Thank you for your patience, we've been strugging with this for a while. |
|
Back to top |
|
|
|